Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
The Internet Government Networking Security IT

Another CA Issues False Certificates To Iran 229

Posted by timothy from the bad-juju dept.
arglebargle_xiv writes "Following on from Comodogate, we have another public CA issuing genuine false certificates to Iran, this time for Google. There's speculation that it's a MITM by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate." Another (anonymous) reader says, "What might be worrying is that the CA behind the forgery is the official supplier of most Dutch Government certificates, diginotar.nl. They are supposed to be very stringent in their application process. As a Dutchman, I'm very interested to see how this one plays out."
Adds Trailrunner7: "The attack appears to have been targeting Gmail users specifically. Some users trying to reach the Gmail servers over HTTPS found that their traffic was being rerouted through servers that shouldn't have been part of the equation. On Monday afternoon, security researcher Moxie Marlinspike checked the signatures on the certificate for the suspicious server, which had been posted to Pastebin and elsewhere on the Web, and found that the certificate was in fact valid. The attack is especially problematic because the certificate is a wildcard cert, meaning it is valid for any of Google's domains that use SSL."
This discussion has been archived. No new comments can be posted.

Another CA Issues False Certificates To Iran More

Another CA Issues False Certificates To Iran

Comments Filter:

  • More acronyms, please (Score:3, Funny)

    by mmarlett ( 520340 ) on Tuesday August 30, 2011 @12:30AM (#37250024)

    So, besides more Californias (CAs) offering more martinis-in-the-morning (MITMs) to confuse more octogenarians/septuagenarians (OSs), what does the Chicago Public School System (CPS) have to do with anything? Or is this one of those "hacker" things I've heard so much about?

  • Re:More acronyms, please (Score:5, Funny)

    by mysidia ( 191772 ) * on Tuesday August 30, 2011 @01:06AM (#37250172)

    The Californians provide a document specifying their chosen Chicago Public School System, which is digested by THE POWERS THAT BE to decide if the Californian is trusted to introduce UAs (Utah and Alaskans) to servers and vice versa (partially based on their record of providing the proper tip amounts to their servers).

    The problem is, this particular Californian has taken to introducing fake servers to the UAs (Utahns and Alaskans).

Slashdot Top Deals

"And remember: Evil will always prevail, because Good is dumb." -- Spaceballs

Close